From owner-freebsd-pf@FreeBSD.ORG Sun May 22 10:58:24 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58233106564A for ; Sun, 22 May 2011 10:58:24 +0000 (UTC) (envelope-from freebsd-pf@herveybayaustralia.com.au) Received: from mail.unitedinsong.com.au (mail.unitedinsong.com.au [150.101.178.33]) by mx1.freebsd.org (Postfix) with ESMTP id 01CFC8FC08 for ; Sun, 22 May 2011 10:58:23 +0000 (UTC) Received: from laptop1.herveybayaustralia.com.au (laptop1.herveybayaustralia.com.au [192.168.0.186]) by mail.unitedinsong.com.au (Postfix) with ESMTP id 1CF955C22 for ; Sun, 22 May 2011 20:47:56 +1000 (EST) Message-ID: <4DD8E815.4090209@herveybayaustralia.com.au> Date: Sun, 22 May 2011 20:40:21 +1000 From: Da Rock User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.16) Gecko/20110204 Thunderbird/3.0.11 ThunderBrowse/3.3.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 May 2011 10:58:24 -0000 I have an android mobile I'm trying to connect using the L2TP/IPSec vpn. I now have it working well on the lan, but the mobile network fails. I also have the L2TP part working alone. Racoon seems to be working, I have forced nat turned on, but for some reason it won't connect- or if it does its only for seconds. My PF is setup with binat for the VPN system, although there is other services to that system and others on the network. My relevant rules are as follows: scrub max-mss 1396 no-df binat on $ext_if from $voip to any -> $ext_ip pass in $plog on $ext_if proto { udp, ah, esp, ipencap } from any to $vpn tag EXT_IPSEC keep state pass out $plog on $int_if proto { udp, ah, esp, ipencap } from any to $vpn tagged EXT_IPSEC keep state What am I missing? Android logs show that phase1 works, and then phase2 fails because phase1 ran out of time. I could really use some advice from those with experience in this setup. Cheers From owner-freebsd-pf@FreeBSD.ORG Sun May 22 12:22:32 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 176ED1065677 for ; Sun, 22 May 2011 12:22:32 +0000 (UTC) (envelope-from zeus@relay.ibs.dn.ua) Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25]) by mx1.freebsd.org (Postfix) with ESMTP id 86F708FC1A for ; Sun, 22 May 2011 12:22:30 +0000 (UTC) Received: from relay.ibs.dn.ua (localhost [127.0.0.1]) by relay.ibs.dn.ua with ESMTP id p4MCMTgB005362 for ; Sun, 22 May 2011 15:22:29 +0300 (EEST) Received: (from zeus@localhost) by relay.ibs.dn.ua (8.14.4/8.14.4/Submit) id p4MCMTvp005361 for freebsd-pf@freebsd.org; Sun, 22 May 2011 15:22:29 +0300 (EEST) Date: Sun, 22 May 2011 15:22:29 +0300 From: Zeus V Panchenko To: freebsd-pf@freebsd.org Message-ID: <20110522122229.GD36033@relay.ibs.dn.ua> Mail-Followup-To: freebsd-pf@freebsd.org References: <4DD8E815.4090209@herveybayaustralia.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <4DD8E815.4090209@herveybayaustralia.com.au> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 8.1-RELEASE X-Editor: GNU Emacs 23.2.1 X-Face: iVBORw0KGgoAAAANSUhEUgAAACoAAAAqBAMAAAA37dRoAAAAFVBMVEWjjoiZhHDWzcZuW1U wOT+RcGxziJxEN0lIAAABrklEQVQokV2STXLbMAyFQaraE3a5dzSTfR1IF7CQrM3QuECn9z9DH0 gxzgSyFvr88PBD0uJxoR6BE+e8LtRgohE5ZB50sODP/REbfUnte/z12+llCekLUSKenFIMke6Be WinE8H0RJHSN71rUQp64gFDmtDDhRk0zam3FzpNVFprhwPGaFo6oY9wDBJQ9Qz6EuKyROJjDGa+ uza4VOTa8iHlN58Yv5BF9+4BGl0LA5pUD5xKXg4aQlVZm0co3NKxCGxQpu3aC352Gv3DZONmwQd tkrlaylV3YSew7bWtwAZF/zi9jblmprPoL7ktzeFSxmarVNmWRi+Bmxg7Y7tbGtR8XZUxLTo86G thANsssetjp3POuBvMBRlw6jRa5pKN7yVlP+F2lyiZGSMf5hnSU6eAVupmtfjRcxy0momwpxDnz 06hwnOWvBnUdR8U2/KX7cq26u1Jy5xFZMPOVONRbRUrwey8Qar6cWgf12xSymQuVX0DfYd4R8kN Hg0qCtLeaYZcj8B90M2N0cEX1P0vKSxw7NLy/3X8Qeriusu66jNA37P4Mn5QRTG2hz4d9D/6E3a EX852nwAAAABJRU5ErkJggg== Subject: Re: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: zeus@ibs.dn.ua List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 May 2011 12:22:32 -0000 i was not able to figure it out too ... ipsec esteblishes connection, android receives ip address, even can ping for a short time and after that it breaks no idea what's wrong ... -- Zeus V. Panchenko GMT+2 (EET) From owner-freebsd-pf@FreeBSD.ORG Mon May 23 05:23:18 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C40951065673 for ; Mon, 23 May 2011 05:23:18 +0000 (UTC) (envelope-from freebsd-pf@herveybayaustralia.com.au) Received: from mail.unitedinsong.com.au (mail.unitedinsong.com.au [150.101.178.33]) by mx1.freebsd.org (Postfix) with ESMTP id 76D888FC0C for ; Mon, 23 May 2011 05:23:18 +0000 (UTC) Received: from laptop1.herveybayaustralia.com.au (laptop1.herveybayaustralia.com.au [192.168.0.186]) by mail.unitedinsong.com.au (Postfix) with ESMTP id AD10A5C22 for ; Mon, 23 May 2011 15:31:46 +1000 (EST) Message-ID: <4DD9EF87.6070104@herveybayaustralia.com.au> Date: Mon, 23 May 2011 15:24:23 +1000 From: Da Rock User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.16) Gecko/20110204 Thunderbird/3.0.11 ThunderBrowse/3.3.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <4DD8E815.4090209@herveybayaustralia.com.au> <20110522122229.GD36033@relay.ibs.dn.ua> In-Reply-To: <20110522122229.GD36033@relay.ibs.dn.ua> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2011 05:23:18 -0000 On 05/22/11 22:22, Zeus V Panchenko wrote: > i was not able to figure it out too ... > ipsec esteblishes connection, android receives ip address, even can > ping for a short time and after that it breaks > > no idea what's wrong ... > > Ok. So I've tried wifi hotspots and the mobile network- all no go. Racoon's obviously not the problem or L2TP; its definitely PF. What do I need to do to find the problem definitively and resolve it? Has anyone tried with other firewalls? If not I can maybe try IPFW or another. From owner-freebsd-pf@FreeBSD.ORG Mon May 23 11:07:05 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E61CC1065675 for ; Mon, 23 May 2011 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D625B8FC16 for ; Mon, 23 May 2011 11:07:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p4NB74Vi051750 for ; Mon, 23 May 2011 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p4NB74M3051748 for freebsd-pf@FreeBSD.org; Mon, 23 May 2011 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 23 May 2011 11:07:04 GMT Message-Id: <201105231107.p4NB74M3051748@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2011 11:07:05 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/155736 pf [pf] [altq] borrow from parent queue does not work wit o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/146832 pf [pf] "(self)" not always matching all local IPv6 addre o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 46 problems total. From owner-freebsd-pf@FreeBSD.ORG Tue May 24 07:25:53 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5BF03106564A for ; Tue, 24 May 2011 07:25:53 +0000 (UTC) (envelope-from zeus@relay.ibs.dn.ua) Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25]) by mx1.freebsd.org (Postfix) with ESMTP id C79238FC0A for ; Tue, 24 May 2011 07:25:51 +0000 (UTC) Received: from relay.ibs.dn.ua (localhost [127.0.0.1]) by relay.ibs.dn.ua with ESMTP id p4O7PoiJ082695 for ; Tue, 24 May 2011 10:25:50 +0300 (EEST) Received: (from zeus@localhost) by relay.ibs.dn.ua (8.14.4/8.14.4/Submit) id p4O7Pokv082694 for freebsd-pf@freebsd.org; Tue, 24 May 2011 10:25:50 +0300 (EEST) Date: Tue, 24 May 2011 10:25:50 +0300 From: Zeus V Panchenko To: freebsd-pf@freebsd.org Message-ID: <20110524072550.GB70509@relay.ibs.dn.ua> Mail-Followup-To: freebsd-pf@freebsd.org References: <4DD8E815.4090209@herveybayaustralia.com.au> <20110522122229.GD36033@relay.ibs.dn.ua> <4DD9EF87.6070104@herveybayaustralia.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <4DD9EF87.6070104@herveybayaustralia.com.au> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 8.1-RELEASE X-Editor: GNU Emacs 23.2.1 X-Face: iVBORw0KGgoAAAANSUhEUgAAACoAAAAqBAMAAAA37dRoAAAAFVBMVEWjjoiZhHDWzcZuW1U wOT+RcGxziJxEN0lIAAABrklEQVQokV2STXLbMAyFQaraE3a5dzSTfR1IF7CQrM3QuECn9z9DH0 gxzgSyFvr88PBD0uJxoR6BE+e8LtRgohE5ZB50sODP/REbfUnte/z12+llCekLUSKenFIMke6Be WinE8H0RJHSN71rUQp64gFDmtDDhRk0zam3FzpNVFprhwPGaFo6oY9wDBJQ9Qz6EuKyROJjDGa+ uza4VOTa8iHlN58Yv5BF9+4BGl0LA5pUD5xKXg4aQlVZm0co3NKxCGxQpu3aC352Gv3DZONmwQd tkrlaylV3YSew7bWtwAZF/zi9jblmprPoL7ktzeFSxmarVNmWRi+Bmxg7Y7tbGtR8XZUxLTo86G thANsssetjp3POuBvMBRlw6jRa5pKN7yVlP+F2lyiZGSMf5hnSU6eAVupmtfjRcxy0momwpxDnz 06hwnOWvBnUdR8U2/KX7cq26u1Jy5xFZMPOVONRbRUrwey8Qar6cWgf12xSymQuVX0DfYd4R8kN Hg0qCtLeaYZcj8B90M2N0cEX1P0vKSxw7NLy/3X8Qeriusu66jNA37P4Mn5QRTG2hz4d9D/6E3a EX852nwAAAABJRU5ErkJggg== Subject: Re: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: zeus@ibs.dn.ua List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 May 2011 07:25:53 -0000 Da Rock (freebsd-pf@herveybayaustralia.com.au) [11.05.23 08:23] wrote: > Ok. So I've tried wifi hotspots and the mobile network- all no go. > Racoon's obviously not the problem or L2TP; its definitely PF. does your configuration work without pf? -- Zeus V. Panchenko JID:zeus@gnu.org.ua GMT+2 (EET) From owner-freebsd-pf@FreeBSD.ORG Wed May 25 03:57:42 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A26A106566C for ; Wed, 25 May 2011 03:57:42 +0000 (UTC) (envelope-from freebsd-pf@herveybayaustralia.com.au) Received: from mail.unitedinsong.com.au (mail.unitedinsong.com.au [150.101.178.33]) by mx1.freebsd.org (Postfix) with ESMTP id 48E388FC12 for ; Wed, 25 May 2011 03:57:42 +0000 (UTC) Received: from laptop1.herveybayaustralia.com.au (laptop1.herveybayaustralia.com.au [192.168.0.186]) by mail.unitedinsong.com.au (Postfix) with ESMTP id 244665C45 for ; Wed, 25 May 2011 14:06:12 +1000 (EST) Message-ID: <4DDBAFF9.20705@herveybayaustralia.com.au> Date: Tue, 24 May 2011 23:17:45 +1000 From: Da Rock User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.16) Gecko/20110204 Thunderbird/3.0.11 ThunderBrowse/3.3.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <4DD8E815.4090209@herveybayaustralia.com.au> <20110522122229.GD36033@relay.ibs.dn.ua> <4DD9EF87.6070104@herveybayaustralia.com.au> <20110524072550.GB70509@relay.ibs.dn.ua> In-Reply-To: <20110524072550.GB70509@relay.ibs.dn.ua> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2011 03:57:42 -0000 On 05/24/11 17:25, Zeus V Panchenko wrote: > Da Rock (freebsd-pf@herveybayaustralia.com.au) [11.05.23 08:23] wrote: > >> Ok. So I've tried wifi hotspots and the mobile network- all no go. >> Racoon's obviously not the problem or L2TP; its definitely PF. >> > does your configuration work without pf? > > Not really an option atm- thats why I asked about other firewall types. My research has found that IPTables doesn't have a problem (according to IPCop)- needs some finer adjustments, but works. So I'm now looking at testing IPFW or IPFilter- I'll advise the outcome of this as well; if it works on either of these then it won't a BSD issue. But I'm still curious to find what could be the issue with PF if it does work on the others... Looking at my flows I see that Android appears to accept keys and start sending packets on 4500; whereas racoon local appears to ignore the packets and is left unaware that the keys are accepted. What I still haven't discovered is why? Is anyone further advanced on this? I'm currently considering a comparison of IP packets to see if there is any difference as it passes through PF. Thoughts? From owner-freebsd-pf@FreeBSD.ORG Wed May 25 09:34:52 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 96A8E106564A for ; Wed, 25 May 2011 09:34:52 +0000 (UTC) (envelope-from zeus@relay.ibs.dn.ua) Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25]) by mx1.freebsd.org (Postfix) with ESMTP id 136A68FC0A for ; Wed, 25 May 2011 09:34:51 +0000 (UTC) Received: from relay.ibs.dn.ua (localhost [127.0.0.1]) by relay.ibs.dn.ua with ESMTP id p4P9YnV1082994 for ; Wed, 25 May 2011 12:34:49 +0300 (EEST) Received: (from zeus@localhost) by relay.ibs.dn.ua (8.14.4/8.14.4/Submit) id p4P9Yn5d082993 for freebsd-pf@freebsd.org; Wed, 25 May 2011 12:34:49 +0300 (EEST) Date: Wed, 25 May 2011 12:34:49 +0300 From: Zeus V Panchenko To: freebsd-pf@freebsd.org Message-ID: <20110525093449.GD70509@relay.ibs.dn.ua> Mail-Followup-To: freebsd-pf@freebsd.org References: <4DD8E815.4090209@herveybayaustralia.com.au> <20110522122229.GD36033@relay.ibs.dn.ua> <4DD9EF87.6070104@herveybayaustralia.com.au> <20110524072550.GB70509@relay.ibs.dn.ua> <4DDBAFF9.20705@herveybayaustralia.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <4DDBAFF9.20705@herveybayaustralia.com.au> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 8.1-RELEASE X-Editor: GNU Emacs 23.2.1 X-Face: iVBORw0KGgoAAAANSUhEUgAAACoAAAAqBAMAAAA37dRoAAAAFVBMVEWjjoiZhHDWzcZuW1U wOT+RcGxziJxEN0lIAAABrklEQVQokV2STXLbMAyFQaraE3a5dzSTfR1IF7CQrM3QuECn9z9DH0 gxzgSyFvr88PBD0uJxoR6BE+e8LtRgohE5ZB50sODP/REbfUnte/z12+llCekLUSKenFIMke6Be WinE8H0RJHSN71rUQp64gFDmtDDhRk0zam3FzpNVFprhwPGaFo6oY9wDBJQ9Qz6EuKyROJjDGa+ uza4VOTa8iHlN58Yv5BF9+4BGl0LA5pUD5xKXg4aQlVZm0co3NKxCGxQpu3aC352Gv3DZONmwQd tkrlaylV3YSew7bWtwAZF/zi9jblmprPoL7ktzeFSxmarVNmWRi+Bmxg7Y7tbGtR8XZUxLTo86G thANsssetjp3POuBvMBRlw6jRa5pKN7yVlP+F2lyiZGSMf5hnSU6eAVupmtfjRcxy0momwpxDnz 06hwnOWvBnUdR8U2/KX7cq26u1Jy5xFZMPOVONRbRUrwey8Qar6cWgf12xSymQuVX0DfYd4R8kN Hg0qCtLeaYZcj8B90M2N0cEX1P0vKSxw7NLy/3X8Qeriusu66jNA37P4Mn5QRTG2hz4d9D/6E3a EX852nwAAAABJRU5ErkJggg== Subject: Re: pf firewall nat and IPSec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: zeus@ibs.dn.ua List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2011 09:34:52 -0000 Da Rock (freebsd-pf@herveybayaustralia.com.au) [11.05.25 06:58] wrote: > > I'm currently considering a comparison of IP packets to see if there is > any difference as it passes through PF. Thoughts? as for me, i was not lucky to get more than IP address assigned by mpd to android and several seconds of successfull ping ... looks like rekeying to my mind -- Zeus V. Panchenko JID:zeus@gnu.org.ua GMT+2 (EET)